It is an Audit detection. These are not blocked by default. To block them you would go into your IPS policy, find these signatures, and change to block.
------------------------------
John Owens
Strategic Support Engineer | Symantec Endpoint Security Division (SES)
Broadcom Software
------------------------------
Original Message:
Sent: Dec 20, 2022 01:21 PM
From: Mike Sanders
Subject: Nmap Scanning Activity
Can you please tell me how to block these malicious scans from happening in the future?
These are the ones i get:
[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM |
[SID: 33939] Audit: Nmap Scanning Activity 2 attack detected but not blocked. Application path: SYSTEM
Thank you!
Original Message:
Sent: Dec 14, 2022 04:13 AM
From: Gregory Anderson
Subject: Nmap Scanning Activity
It's either whitelisted in Host group rule, or ignored or allowed in the
HIPS policy itself.
Gregory A Anderson
Linkedin Group and Profile <https: ">www.linkedin.com/groups/3776646/="">
C 7209843292
O 3032682216
Skype 7204573585
Original Message:
Sent: 12/13/2022 4:53:00 PM
From: Mike Sanders
Subject: Nmap Scanning Activity
Should we get worried?
[SID: 33939] Audit: Nmap Scanning Activity 2 attack detected but not blocked.
1- why is not being blocked?
2- Nmap is very dangerous scan that shouldn't scan and not be blocked no?
3- Should i block the remote IP address from the firewall to avoid future scan? or there's a better way to avoid Nmap scans period.
Thank you.</https:>